<div><div dir="auto">Bart,</div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto">Have you guys tried to get the decryption keys for esxiargs ? I work in cyber security and it was announced that CISA had released the keys to help decrypt folks impacted by the ransomware attacks</div><div dir="auto"><br></div><div dir="auto"><div><a href="https://www.bleepingcomputer.com/news/security/cisa-releases-recovery-script-for-esxiargs-ransomware-victims/?s=03">https://www.bleepingcomputer.com/news/security/cisa-releases-recovery-script-for-esxiargs-ransomware-victims/?s=03</a></div><br></div><div dir="auto">73</div></div><div><div dir="auto"><br></div><div dir="auto">Wade W7ITL</div><div dir="auto"><br></div><div dir="auto"><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Feb 8, 2023 at 4:09 AM Bart Kus <<a href="mailto:me@bartk.us" target="_blank">me@bartk.us</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)">
<div>
Your background sounds like you'd make meaningful contributions, so
I'd encourage you to consider participating in read-write mode, not
just read-only.<br>
<br>
We got hit by this a few days ago on several HVs:<br>
<br>
<a href="https://www.bleepingcomputer.com/news/security/massive-esxiargs-ransomware-attack-targets-vmware-esxi-servers-worldwide/" target="_blank">https://www.bleepingcomputer.com/news/security/massive-esxiargs-ransomware-attack-targets-vmware-esxi-servers-worldwide/</a><br>
<br>
I'll avoid getting into the technical weeds question, to keep this
thread focused on working group formation.<br>
<br>
--Bart<br>
<br>
<div>On 2/8/2023 3:55 AM, Jamie Owens wrote:<br>
</div>
<blockquote type="cite">
<div dir="auto">What\when was the most recent beach?
<div dir="auto"><br>
</div>
<div dir="auto">The hypervisors are accessible publicly? Why no
VPN/VPC.</div>
<div dir="auto"><br>
</div>
<div dir="auto">I've been in admin/networking/devops world since
2000 and currently attending to get my BS in CIS/Cyber
Security... so if nothing more, I'd like to tag along and
learn more from this real world scenario from I'm sure way
more experienced users.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Feb 8, 2023, 3:34 AM
Bart Kus <<a href="mailto:me@bartk.us" target="_blank">me@bartk.us</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)">All of the
network's control points are on public non-firewalled IPs. <br>
This is the worst security. It was done this way for the sake
of <br>
simplicity. Our netops volunteers had to get up to speed with
<br>
unfamiliar concepts like routing, funky netmasks, dynamic
routing <br>
protocols, policy routing, VRRP, firewalls, MTUs, MSS control,
IPsec, <br>
etc. We reaped the rewards of KISS from broader volunteer
engagement, <br>
but lately we've been paying too heavy of a price for the
awful security <br>
this simplicity creates. In the most recent breach we've lost
important <br>
source code that will now need to be re-created. We escaped
total <br>
disaster by the thinnest of margins, as one critical
hypervisor just <br>
happened to be patched to 1 version higher than exploitable.
This <br>
simplicity is not a good tradeoff anymore, so the time has
come to <br>
introduce more complexity to the network to protect all
control points.<br>
<br>
This is not a simple problem, since there are many fragility
vs security <br>
tradeoffs, as well as complexity cost concerns. If you have
experience <br>
or thoughts around this area, and can commit to a few weeks of
design <br>
and implementation work on this project, please indicate your
interest. <br>
We'll assemble a small working group in the next few days and
start <br>
discussions. I expect the working format will involve some
virtual <br>
meetings, since email is not high bandwidth enough to hash out
<br>
everything quickly.<br>
<br>
Here's hoping we don't make it worse,<br>
<br>
--Bart<br>
<br>
_______________________________________________<br>
PSDR mailing list<br>
<a href="mailto:PSDR@hamwan.org" rel="noreferrer" target="_blank">PSDR@hamwan.org</a><br>
<a href="http://mail.hamwan.net/mailman/listinfo/psdr" rel="noreferrer noreferrer" target="_blank">http://mail.hamwan.net/mailman/listinfo/psdr</a><br>
</blockquote>
</div>
<br>
<fieldset></fieldset>
<pre style="font-family:monospace">_______________________________________________
PSDR mailing list
<a href="mailto:PSDR@hamwan.org" style="font-family:monospace" target="_blank">PSDR@hamwan.org</a>
<a href="http://mail.hamwan.net/mailman/listinfo/psdr" style="font-family:monospace" target="_blank">http://mail.hamwan.net/mailman/listinfo/psdr</a>
</pre>
</blockquote>
<br>
</div>
_______________________________________________<br>
PSDR mailing list<br>
<a href="mailto:PSDR@hamwan.org" target="_blank">PSDR@hamwan.org</a><br>
<a href="http://mail.hamwan.net/mailman/listinfo/psdr" rel="noreferrer" target="_blank">http://mail.hamwan.net/mailman/listinfo/psdr</a><br>
</blockquote></div></div>
</div>